| Age | Commit message (Collapse) | Author |
|---|
|
Demonstrate a bug with AES CFB 128 for certain key sizes introduced
with the Erlang 19.0 release. The code in the block_crypt_nif function
in the crypto.c source file incorrectly calls aes_cfb_8_crypt when the
specified cipher is aes_cfb8 or aes_cfb128 and the key size is 24 or
32. The aes_cfb_8_crypt function calls the AES_cfb8_encrypt function
from the openssl interface, but this is incorrect when the cipher is
aes_cfb128.
Unfortunately the test cases in the crypto test suite are insufficient
to detect an issue like this because it exercises the encryption and
decryption roundtrip using the same incorrect underlying function. The
problem was observed when trying to update an application to Erlang 19
that attempted to decrypt data that was encrypted using aes_cfb128 by
another source. In this commit I altered the crypto test suite to
provide a demonstration of this problem.
|
|
|
|
OpenSSL has deprecated the function RAND_pseudo_bytes used by
crypto:rand_bytes/1, so this function is now deprecated in OTP too.
rand_bytes/3 also used this function, but was not documented
so we can remove it right away.
This commit also removes the fallback in generate_key to use
rand_bytes/1 if strong_rand_bytes/1 throws low entropy.
This is a potential incompatibility but we think it is desirable
as crypto should provide cryptographically secure functions.
|
|
|
|
|
|
|
|
|
|
Avoid hardcoding EC curve names in tests where it basically doesn't
matter which curve is used. Take one of the supported curbes instead.
Also, when testing ECDH key generation, skip unsupported curves.
These changes are to simplify dealing with exotic libcrypto builds
that don't support certain curves (for example RHEL disallows < 256
bit curves). The crypto application is only able to detect the
supported curves on a very coarse level (ECC support in general and
GF2m curves), so it may be necessary to edit the list of curves in the
crypto_ec_curves modules. But that should be the only necessary
modification to make the crypto tests pass.
|
|
|
|
OTP-13207
* sverk/crypto/aes-ecb-192-bit:
crypto: Support 192-bit keys for AES ECB
|
|
|
|
and deprecate aes_cbc128 and aes_cbc256 in favor of aes_cbc.
This commit is pr 832 squashed, rebased and made work on master
https://github.com/erlang/otp/pull/832/commits
|
|
The OSE port is no longer supported and this commit removed it
and any changes related to it. The things that were general
improvements have been left in the code.
|
|
|
|
To not fail on openssl built with #define OPENSSL_NO_EC2M
(Why does the test not verify all supported curve types?)
|
|
|
|
Despite the confusion caused by the name, aes_cfb_8_crypt and
aes_cfb_128_crypt can use key lengths of 128, 192, or 256. The integer
in the function name refers to the block size for CFB mode. Change
the aes_cfb_8_crypt and aes_cfb_128_crypt functions to accept and use
keys of length 128, 192, or 256. Also augment the existing testing for
these functions using the NIST test vectors for the additional key
lengths to ensure the changes function properly.
|
|
* andreaTP/added-aes-ecb-to-crypto/OTP-12403:
aligned implementation following last specs
finally fixed docs
fixed incorrect tag
proposal of documentation
fixes and tests
add aes ecb to crypto library
|
|
|
|
|
|
enhance generate_key to calculate ECC public keys from private keys
|
|
|
|
|
|
SRP didn't work with smaller primes as user secret was improperly
computed.
Formula is: (B - (k * g^x)) ^ (a + (u * x)) % N
Previously, the code computed a + (u * x) % N instead of a + (u * x).
a typically is a 256 bits random number (RFC 5054 says it should be at
least 256 bits), u and x are SHA1 signatures (160 bits). So a + (u * x)
can differ from a + (u * x) % N for N primes smaller than 320 bits.
|
|
This adds the aes_cfb8 cypher type (and associated tests and
documentation) to the crypto module.
|
|
* lukas/ose/master/OTP-11334: (71 commits)
erts: Fix unix efile assert
ose: Use -O2 when building
ose: Expand OSE docs
ose: Add dummy ttsl driver
ose: Cleanup cleanup of mutex selection defines
ose: Polish mmap configure checks
ose: Add ose specific x-compile flags
ose: Updating fd_driver and spawn_driver for OSE
ose: Updating event and signal API for OSE
ose: Cleanup of mutex selection defines
win32: Compile erl_log.exe
ose: Remove uneccesary define
ose: Fix ssl configure test for osx
erts: Fix sys_msg_dispatcher assert
ose: Fix broken doc links
ose: Thread priorities configurable from lmconf
ose: Yielding the cpu is done "the OSE" way
ose: Start using ppdata for tse key
ose: Do not use spinlocks on OSE
ose: Fix support for crypto
...
Conflicts:
lib/crypto/c_src/crypto.c
|
|
To enable it you have to modify the OSESSL variable in the
ose xcomp file.
|
|
Add the mentioned test suites for *all* library and touched
non-library applications.
|
|
RFC-5649, Section 1, documents the advantages that these curves
might have over others (ANSI, SEC1/2)
|
|
Vectors have been taken from NIST's CRYPTOGRAPHIC ALGORITHM VALIDATION
PROGRAM (CAVP) (http://csrc.nist.gov/groups/STM/cavp/)
|
|
* sverk/yb/aes_ige_crypt:
crypto: Update supports/0 for des3_cbf and aes_ige256
crypto: Throw notsup for AES IGE if openssl older than 0.9.8c
crypto: Add IGE mode for AES
OTP-11522
|
|
Amendment to f1ebf482e1460d6146d55aa6cab00ab3e11f1741
|
|
|
|
|
|
|
|
|
|
Also fix bugs found by new tests
|
|
to conform with the return value of the other types.
|
|
|
|
|
|
|
|
|
|
|
|
and remove corresponding specific functions for srp and ecdh
but leave dh_ functions for backward compatibility.
|
|
and remove curve from the returned tuple.
|
|
|
|
as well as mpint's for backward compatibility.
|
|
for rsa, dss, and new ecdsa.
No mpint's accepted.
|
|
|
|
Conflicts:
lib/crypto/src/crypto.erl
|
